100 | Access Control Lists (ACLs)
www.dell.com | support.dell.com
TCP packets: To create a filter for TCP packets with a specified sequence number, use these commands
in the following sequence, starting in the CONFIGURATION mode:
When you use the log keyword, CP processor logs details about the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’
details.
UDP packets: To create a filter for UDP packets with a specified sequence number, use these
commands in the following sequence, starting in the CONFIGURATION mode:
When you create the filters with a specific sequence number, you can create the filters in any order and the
filters are placed in the correct order.
Figure 6-7 illustrates how the
seq command orders the filters according to the sequence number assigned.
In the example, filter 15 was configured before filter 5, but the
show config command displays the filters
in the correct order.
Step Command Syntax Command Mode Purpose
1
ip access-list extended
access-list-name
CONFIGURATION Create an extended IP ACL and assign it a
unique name.
2
seq sequence-number {deny |
permit} tcp {source mask | any
| host ip-address}} [count
[byte] | log] [order] [monitor]
[fragments]
CONFIG-EXT-NACL Configure an extended IP ACL filter for TCP
packets.
• log and monitor options are supported on
E-Series only.
Step Command Syntax Command Mode Purpose
1 ip access-list extended
access-list-name
CONFIGURATION Create a extended IP ACL and assign it a unique
name.
2 seq sequence-number {deny |
permit} {ip-protocol-number
udp} {source mask | any |
host ip-address} {destination
mask | any | host ip-address}
[operator port [port]] [count
[byte] | log] [order] [monitor]
[fragments]
CONFIG-EXT-NACL Configure an extended IP ACL filter for UDP
packets.
• log and monitor options are supported on
E-Series only.
Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a
new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or
another number.
To Next Page
Loading...
